查找一段时间内日志

head -1 update.u_log.20131217.txt
123.122.180.129 - - [17/Dec/2013:00:00:19 +0800] "GET /index.php?s=2 HTTP/1.1" 404 570 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; QQDownload 735; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

查找当天16/Dec/2013:17:26:31以后访问记录

cat update.u_log.20131216.txt | awk '{time = substr($4,2);if(time > "16/Dec/2013:17:26:31" && time < "17/Dec/2013:00:00:00") print $0;}' > update.u_log.20131217_bak.txt

替换16/Dec为17/Dec

cat  update.u_log.20131217_bak.txt | awk '{sub(/16\/Dec/,"17/Dec")}{print $0}' > update.u_log.20131217_bak1.txt

追加到另外一个文件里面

cat update.u_log.20131217_bak1.txt >> update.u_log.20131217.txt

转载一些其它awk 替换 匹配

[root@localhost test]# cat awk

1a 9,100.34
1b 1,999.00
1c 5,656.55
[root@localhost test]# awk '{sub(/1/,"test")}{print "\n",$1,$2}' awk   
testa 9,100.34
testb 1,999.00
testc 5,656.55
[root@localhost test]# awk '{gsub(/1/,"test")}{print "\n",$1,$2}' awk  
testa 9,test00.34
testb test,999.00
testc 5,656.55
[root@localhost test]# awk '{sub(/[0-9]+/,"")}{print "\n",$1,$2}' awk 
a 9,100.34
b 1,999.00
c 5,656.55

打印出$1只包含4个字符的 awk '$1~/^....$/{print $1}' file

http://bbs.linuxtone.org/thread-17620-1-1.html 看到的学习一下记录一下 效果是有了 但时间和我系统时间对不上

[root@localhost test]# cat awk 
1a 9,100.34 dkjfjkdkjf 45  lopo
1b 1,999.00 dgfg       456 ll
1c 5,656.55 fghgf       465 df

[root@localhost test]# awk '{$2=strftime("%F %T",$2);print $1,$2,$3 >"bbb.txt";print $1,$2,$4 >"ccc.txt"}' awk
[root@localhost test]# cat bbb.txt 
1a 1969-12-31 16:00:09 dkjfjkdkjf
1b 1969-12-31 16:00:01 dgfg
1c 1969-12-31 16:00:05 fghgf
[root@localhost test]# date
Wed Dec 14 22:49:28 PST 2011
[root@localhost test]# cat ccc.txt 
1a 1969-12-31 16:00:09 45
1b 1969-12-31 16:00:01 456
1c 1969-12-31 16:00:05 465

[root@localhost test]# date
Wed Dec 14 23:07:09 PST 2011                                                            
  问题已解决 把{$2=strftime("%F %T",$2)中的$2去掉就可得到正确的格式了 见下图

 一个文件，列数是不一样的，如果有5列，就取前4列，如果有6列，就取前5列

 当第一列大于2的时候 打印

tail -1000  /var/log/syslog-ng/messages.log  | awk '{print $3,$0}'  |awk  -F: '$1$2$3 > 19300 && $1$2$3 < 194000 { print $1$2$3,$0}' 
仅供参考

cat  /var/log/syslog-ng/messages.log  | awk '{print $3,$0}'  |awk  -F: '$1$2$3 > 19300 && $1$2$3 < 194000 { print $1$2$3,$0}' 
简单方法 

匹配10点到11点

cat /var/log/messages | grep "[1][0-1]:..:.." |tail -100

匹配一点

cat /var/log/messages | grep "[0][1]:..:.." |tail -300

空格和 ：都作为分隔符

cat /var/log/messages |awk -F"[ ]|:" '$3==10 {print} '